hxxps://drive[.]google[.]com/drive/folders/1iS9HLpa6Tov_lbA4ZWExrWge7M9ndJPS

Analysis

max time kernel
1799s
max time network
1791s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1iS9HLpa6Tov_lbA4ZWExrWge7M9ndJPS

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
7	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133615418713897976"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4596	chrome.exe
4596	chrome.exe
1836	chrome.exe
1836	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4596 wrote to memory of 3132	4596	chrome.exe	85
PID 4596 wrote to memory of 3132	4596	chrome.exe	85
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 1144	4596	chrome.exe	86
PID 4596 wrote to memory of 5024	4596	chrome.exe	87
PID 4596 wrote to memory of 5024	4596	chrome.exe	87
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88
PID 4596 wrote to memory of 2560	4596	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/folders/1iS9HLpa6Tov_lbA4ZWExrWge7M9ndJPS
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aa29ab58,0x7ff9aa29ab68,0x7ff9aa29ab78
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1892,i,14043255602514110786,10765121001208099997,131072 /prefetch:2
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1892,i,14043255602514110786,10765121001208099997,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1892,i,14043255602514110786,10765121001208099997,131072 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1892,i,14043255602514110786,10765121001208099997,131072 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1892,i,14043255602514110786,10765121001208099997,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1892,i,14043255602514110786,10765121001208099997,131072 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=1892,i,14043255602514110786,10765121001208099997,131072 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4792 --field-trial-handle=1892,i,14043255602514110786,10765121001208099997,131072 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 --field-trial-handle=1892,i,14043255602514110786,10765121001208099997,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1836

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
27KB

MD5
4b419751b95602190e663dcfb4397186

SHA1
584625bb902af71e0d551a72995cce18736bf738

SHA256
566e5021669d6f9d13f9af0fc133ffdb0d2f7b5ad5698aecbbfe1de1c9751ba2

SHA512
60d3976779651bf7652fe6e5e9bf2ed251439ee04a891d3dd5112cac2b7ae6b70cd7cc7a49cf2b71931a3308ebdf945a5254d60a6789ebbbcc749ea2742d0eeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
99b68d9b4b8da414e606f088c4898aa8

SHA1
adb5f03839fc53649558ca11702b4a543fb9b83f

SHA256
2bd694970b01d7b2cf80a9ed83543c73fa740d6f35f404703eecac6f80a2805f

SHA512
95ea0f6d39580f4ed17812c87f92d13ea5fb4d74c883580d8f3ce0e343470fd9ffbefd2c67dd2862569bfaaf8c0daf0fdc2cad72e3423c65d6842965ccb697d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
5ee58539f30315d85cbb3e9f46ae78aa

SHA1
d00fcfd4300ba6a7d6de6abf9f434690aaf336a4

SHA256
42ef518fa9832618e08b61f490971c9f0c6d180a84f5445f25986eaa776632fc

SHA512
08f01e1a3de2dde3f6d7a9599da690dda4430883d890a0769929e19dfc3265b0b4fc754028a5dcf6ece6ad1fa9bb89789c039babd0fadfb4a82fd2557611f20e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
219a14a314e4c87de46cab0e5831291e

SHA1
f8e80db7c718f21f9cf7b76ab46d1723eacac6cf

SHA256
081d62b924ec3127d40442b9002581cf04e97f10f9698dacbde023c3bbfd07ca

SHA512
8a115369e1c9253258106bba5ea9c4f9ef6a1a50d7f2b89ad44b1f83161915a92baf248462f3c9d1603624fb4ace79973e50c854140778f8cead1cc10c3c44c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e3f364b1aea770011bebf615a8415445

SHA1
05110971b8fd6e89215bc56f40529956d02003c5

SHA256
0fa46074b80f71462bc031371b195bc68308c81d0b7afbd7460e795ab4856aed

SHA512
a784c252ccf2e4611a0d2c32b9fe78f4c88e48f4322efc9959a589d8435601b5a26aca8dfb40fcab8273e71f134f7d9b0faedacdbc521ea8d4d36ddfd3d4932a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
41f57a1945e233ffd37d0d71725b895c

SHA1
d27ec4150118ce75a0109f6718d013a07287e5ce

SHA256
5cb5a628d4fd2b056c554e9498de5e2bf8a6dbacee191d4a6e21fd1707a0c773

SHA512
c725c9b5168ff187e2ed05394516a58ecb2e815bd3eaba1c96982f974e29af4d55a21526648430747f960687a015041fc6e4e5c17058492d7f82f254f831000c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
05012bd24707042b6911d7294dc2c72c

SHA1
812a17e5b3b2c67679ca9eb3bb6318571d1bdfa8

SHA256
56d99342322906b57aa8b4aeb140c0324ac199a59032e7db5c885c2f9b3dc56e

SHA512
6e7c43166ced5feaf28bfaf77b1f9c131ea4f2c3d6ad8aa7f78a1af287c3751b3ba2d6db6e1cb9b9beb504a39149def7395bfddbe0e9740a162bd62ba3676e2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6074a4c46e9acdc43f2131c1c553c477

SHA1
945ee646f1839d610bcde28cbd0d47cf28de3025

SHA256
0798ae09c2d716c85e5e17d95ec24569afdbec5bd828540cde2d98a6cf0de40b

SHA512
8c30bb1f481fa3afdd27eb9f3b701d1502689acac35c7ed2e2ae70ada79aba256af039738a94fba4bc1bf9f34af4886e4375858bcb997c359245682cc38ed85c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8c27af1c0bd50ade1ee4923dcffa9989

SHA1
0a9990d38df7c47f86911a4f9b95b4e2a41de768

SHA256
aab3dde923fd2872bc201192040243cc19658a02a6e6eae6e805fda0e1652a4b

SHA512
613fa6aa2e3b6aea8c3ef3bddc3b772b8bac8ddb7e81c7a177e4f2a6614782ffaacf285c4ec1c97b3607d345ec4f00e1cfdacf105dbb4ee78da7634814c8dab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d0213b2f00acf27a913dae4c10a471e2

SHA1
18af7120af6bb6c9a187e0619246b636064548fa

SHA256
ebcecedf12bac9b4cbb42300a15eff0b5e352b2a0a8ce4711dde16008cfc5fc3

SHA512
4a90d68f479a669dc58b40ccecff59817dcb38a3b5440d1080f1376304fc725ede81862f20ded3809466d6cc75062f96e91d17cb8275e4fc14ab37e78a9fbb68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
f7ca6aa5aa5a5e3b873a3b4043992121

SHA1
6b3218b0396514c7ec4d26fd27d5417a05f2c0ec

SHA256
a4b6f19f1d28065ce7ad5bac2dc6293236a3253b4b380d71e9be9eb8e1e4c19b

SHA512
0c4dcc02cfa465ab06c795426db350b537e175ae773d76ff4c9295eabcd7b8866afc4a8a52e95c10c5d4c5076c1c184c8f081252cddca465e2d552cd28b808eb

Download Submit